In a client/server computer environment, multiple client processes are coupled, typically through a network configuration, to one or more server processes. The server processes may comprise a dedicated process which performs a specific service such as providing access to a database or a network.
Typically, a client process wishing to access a server process must comply with an authentication protocol before access is granted. Many authentication protocols are based on passwords or password-derived information. Problems arise, however, when a client process changes its password and a server process does not yet have knowledge of the changed password. As a result, access to the server process may be denied until the server is updated with the information related to the password. In a multiple server environment, multiple denials as well as multiple updating procedures may result. Such a result is undesirable for a number of reasons.
In addition, the nature and format of the information related to the passwords may not be completely secured. A user selects a password which is then used to generate a binary value, i.e., a key. Specifically, when a user changes passwords, the key traditionally does not change. Instead, the new password is used to encrypt the key, which is then stored within a client identification file. If an impostor obtains both the identification file and the user password, subsequent changing of passwords will not prevent the impostor from impersonating the user.
Accordingly, a need exists for a method and apparatus in which changing the password associated with a client process results in generation of a new key and new key identifiers which can be provided to secure server processes to defeat unauthorized use of a client profile.
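The following sketch, an added example that is not part of the original text, contrasts the traditional password change (the same key re-encrypted under the new password) with a change that generates a new key and key identifier, and checks whether an old copy of the identification file plus the old password is still accepted. The XOR-pad-plus-HMAC wrapping, the hash-based `key_id`, and the `server_accepts` check are simplified assumptions standing in for a real cipher and authentication protocol.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    # 64 bytes of output: 32-byte pad that masks the key, 32-byte MAC key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def wrap(key, password):
    """Build an ID-file record holding the 32-byte key encrypted under the password.
    XOR with a PBKDF2 pad plus HMAC is a stdlib stand-in for a real AEAD cipher."""
    salt = os.urandom(16)
    okm = _kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(key, okm[:32]))
    tag = hmac.new(okm[32:], salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(id_file, password):
    okm = _kdf(password, id_file["salt"])
    tag = hmac.new(okm[32:], id_file["salt"] + id_file["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, id_file["tag"]):
        raise ValueError("wrong password or corrupted ID file")
    return bytes(a ^ b for a, b in zip(id_file["ct"], okm[:32]))

def key_id(key):
    # Assumed key identifier: truncated SHA-256 of the key.
    return hashlib.sha256(key).hexdigest()[:16]

def change_password_rewrap(id_file, old_pw, new_pw):
    """Traditional scheme: the same key is re-encrypted under the new password."""
    return wrap(unwrap(id_file, old_pw), new_pw)

def change_password_rotate(id_file, old_pw, new_pw):
    """Scheme the text calls for: a new key and a new key identifier."""
    unwrap(id_file, old_pw)            # caller must know the current password
    new_key = os.urandom(32)
    return wrap(new_key, new_pw), key_id(new_key)

def server_accepts(registered_id, presented_key):
    return hmac.compare_digest(registered_id, key_id(presented_key))

def demo():
    key = os.urandom(32)
    old_copy = wrap(key, "old-pw")     # ID file copied before the password change
    registered = key_id(key)           # what the server knows about the client
    change_password_rewrap(old_copy, "old-pw", "new-pw")
    after_rewrap = server_accepts(registered, unwrap(old_copy, "old-pw"))
    _, registered = change_password_rotate(old_copy, "old-pw", "new-pw")
    after_rotate = server_accepts(registered, unwrap(old_copy, "old-pw"))
    return after_rewrap, after_rotate  # old copy + old password still accepted?
```

Rotation only revokes the old key once the server holds the new key identifier, which is the updating problem the remaining paragraphs address.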
A need further exists for a method in which providing a key identifier to a server process results in subsequent updating of other secure processes or servers having knowledge of that particular client process.
An additional need exists for a removable media apparatus which contains both current and noncurrent information associated with a client process which may be used to update a secure server process with the most current data during the authentication process.